54.1 This chapter introduces the ALRC’s recommendations for reform of the credit reporting provisions of the Privacy Act 1988 (Cth). The starting point for these recommendations is that Part IIIA and its related provisions should be repealed and credit reporting regulated under the general provisions of the Privacy Act and the model Unified Privacy Principles (UPPs).[1] Under this regime, privacy regulation specific to credit reporting would be set out in regulations promulgated under the Act—referred to for the purposes of this Report as the Privacy (Credit Reporting Information) Regulations.

54.2 The reasons for recommending the repeal of the credit reporting provisions and the promulgation of the Privacy (Credit Reporting Information) Regulations include the:

  • desirability of amending the Act to achieve greater logical consistency, simplicity and clarity, including by providing one set of overarching privacy principles (that is, the model UPPs);

  • need to specify and modify the operation of the model UPPs in the context of credit reporting, including by providing requirements that are more and less stringent than those principles, as appropriate; and

  • need to improve substantially the provisions regulating credit reporting—for example, to permit more comprehensive credit reporting[2] and to provide individuals with improved dispute resolution mechanisms.[3]

54.3 A desirable third tier of the regulatory model is a credit reporting code developed by industry with input from consumer groups and regulators, including the Office of the Privacy Commissioner (OPC) and the Australian Consumer and Competition Commission (ACCC). This code should provide detailed guidance within the framework provided by the Act and deal, for example, with a range of operational matters relevant to compliance with the permitted content, data quality and dispute resolution obligations set out in the regulations.

[1] The model UPPs are discussed in Part D.

[2] See Ch 55.

[3] See Ch 59.